Molebox 2.x Unpacker / OEP Finder Script v1.10
by Cherry

Needed tools: OllyDbg with ODbgScript-Plugin

This script will unpack all files in a Molebox 2.x packed file which are visible to the packed program into the subfolder "!UNPACKED!".
Unfortunately, in many cases the main executable is not included.

1. Copy "mbunpack.dll" and "filelen.exe" into the executable's folder.
2. Open the moleboxed executable in Olly.
3. Make sure EIP is at the entry point of Molebox stub, no breakpoints are set and all exceptions are ignored!!!
4. Run this script.
5. OEP address will be displayed and you will be asked if you want to unpack it or start exploring the file at OEP.
6. If you start unpacking, you can follow the progress in the console window which will open. Be patient.

Known bug: All folders in the root directory will be recreated in the "!UNPACKED!" subfolder, ignoring whether it existed in the archive or not.

Download: http://npshare.de/files/e2d13031/mbunpack.rar (no longer working)
(New link) http://cherrytree.at/misc/mbunpack.rar
Password: tl1bs


Have fun!
Greetings, Cherry

EDIT: Updated to v1.10 - the script didn't work with many files.

updated

maam im new in this kind of thing and i know nothing about this one, but i really want to learn..
im stuck with step 3, how can i do it??? how to run script in olly?

i want to unpack the lates molebox including those wiht license

please help me

You need the ODbgScript plugin: http://sourceforge.net/project/showfiles.php?group_id=195914

After installing it, you'll find an entry "ODbgScript->Run Script..." in the Plugins menu.

i realy realy cnt find this in OLLydbg window
After installing it, you'll find an entry "ODbgScript->Run Script..." in the Plugins menu.

please help

Have you installed the ODbgScript plugin? It needs to be put in the "plugins" subfolder of Olly in most cases, or, if this folder doesn't exist, in the main folder of Olly.

yes i install in already

then i open th olly but the only buttons i see at the top are

FILE VIEW DEBUG TRACE OPTIONS WINDOWS HELP

no plugin buttons T_T

can i ask for aguide wiht pictures maam?

damn im so noob

Go to Options->Appearance->Directories and make sure the right plugin path is set.

cherry this what i saw

Locaton af API help file [its asking for .hlp file]

Directory for .udd files ??? is this correct?

i cant find file with .udd and .hlp


edit i found it now thw plugins.hlp
am i doing thr right thing?

now how to run the script still cant get it.. i think im using different ollydbg. can u show me how to do it exctly, i cant figure it out
tnx

Oh!

Are you using OllyDbg 2? Version 2 doesn't support plugins yet. Use OllyDbg v1.10.

are these the correct files man??
i followed the guide and also see the plugis now but when i run
i got game.exe cannot load independently................ and also i still didnt follow this step 4. Run this script.

i cannot load the .txt rom your archive...

http://i247.photobucket.com/albums/gg145/ramispo/plesae.jpg

erm, you have to UNPACK the ODbgScript.1.67.3.VC6.zip file, of course.

i have unpacked it in the same folder already maam,then i load up the plugins, then restart olly, then open gam.exe in olly, this part is the part i cant do right,, running the script from your archive, i cant open the txt file by cherry..after i put the directory of the plugins, when i resatrt the olly plugins gone, the i do some trial and error, i open option,appearance, directories, then i see this options again

UDD path and Plugin pathc which i already configured alreday.. the UDD pack i did not change , coz i dont know what it is.
damn, why i cant understandthe guide( this is my first doing this one, o have no idea)

i just want to open some game.exe, but i cant do it.. maam your my only hope, i think text guide can not help me T_T

http://i247.photobucket.com/albums/gg145/ramispo/icantrun.jpg

http://cherrytree.at/misc/tuts/mbunpack_tut.htm

Hi cherry,
maybe u can help me.

i wanted to unpack an exe file which is packed by Molebox.

But im stuck at point 3.
I dont make much with Olly.
So i hope u maybe can explain me this thing or show me a thread where it show?

3. Make sure EIP is at the entry point of Molebox stub, no breakpoints are set and all exceptions are ignored!!!

Thx Cherry.
This nice script!
But ,I want to decode main exe file to hex and edit.
Because This script is unpack files in exe only. But that exe file encrypt by molebox.
ps. Sorry, I bad eng.

This is a file. I want to edit.
http://rapidshare.com/files/242617221/Goon.rar.html

cherry i have unpack lots of molebox pack files as my practice in unpacking
but why i cant unpack this one
it says script finish but nothing unpack
please check
thanks a lot

here the link http://www.mediafire.com/?zowzmkrojjn ("http://www.mediafire.com/?zowzmkrojjn")

Please send me the missing dll files too.

the first problem is now solve cheery
i ask the owner, he said he out nothing in it
just a folder

now i have new one
this one it seems, he separate the file box of mole box
and renamed it to d3dx9_30.dll

based on my observation
d3dx9_30.dll <<< is the only the file being upated after the patch

so how can we unpacked it?

heres the link
http://www.mediafire.com/?ln2okmtzm2d ("http://www.mediafire.com/?ln2okmtzm2d")
i also include other dlls

i hope u can help me with this one

my email, bluenight_19842001@yahoo.com
please send me also the steps

big thanks

thanx to cherry!!!

Thanks for the vid it made it more easier XD

Somehow I cannot find a way to edit my first post.

The link is down. New link: http://cherrytree.at/misc/mbunpack.rar


[First Post Corrected with working link. Password still the same. (JMI)]

Cherry:

The edit feature is a "timed" process. After the "time" passes, one can no longer edit their own post. You can, however, as you have done, post a "new" post pointing out what has changed or needs to be corrected.

Regards,

Okay.

Please replace the link then.

Thanks,
Cherry